Agenda and draft minutes

The chair welcomed members and attendees to the meeting and welcomed to the meeting Mr Paul Whitfield and Mr Steven Whalley as external members of the Committee, the Chief Officer Audit and Risk, Corporate Risk Officer, Director Education and Lifelong Learning, and Acting Chief Financial Officer.  Invitations to the meeting were extended to the new external audit team however they were unable to attend.

Consider Audit Business Action Sheet.  (Copy attached.)

1.1       There had been circulated copies of the Audit Action Sheet which was presented by the Chief Officer Audit and Risk.  With reference to paragraph 7 of the Minute of the Meeting of Audit and Scrutiny Committee held on 22 November 2021, the software implementation action for the Business Continuity Framework was now complete; however this was the start of the process of the updating Business Continuity planning arrangements.  Contact had been made with lead owners of associated Internal Audit actions in Emergency Planning to extend due dates to make them achievable.

1.2       With reference to paragraph 13 of the Minute of the Meeting of Audit and Scrutiny Committee held on 27 June 2022, the Chief Officer Audit and Risk advised that briefing seminars had been delivered or were scheduled.  Briefings had taken place for: Risk Management Framework (7 September 2022); Treasury Management (9 November 2022); Internal Audit and Fraud Fundamentals (1 December 2022). Briefings were in the diary for Audit Committee Skills and Knowledge (2 February 2023); and annual Audit Committee self-assessment (1 March 2023).

1.3       With reference to paragraph 3 of the Minute of the Meeting held on 12 September 2022, a further update on progress on remaining audit actions for the Learning and Disability Service was scheduled for the March meeting of Audit Committee.

1.4       With reference to paragraph 6 of the Minute of the Meeting held on 12 September 2022, the Chief Officer Audit and Risk advised that a number of actions were underway by the Integrity Group.  Internal Audit were proposing to bring reports forward on Counter Fraud Controls Assessment and an update on progress on National Fraud Initiative to the February 2023 meeting of Audit Committee.

DECISION

NOTED the update.

Consider presentation by Director Education and Lifelong Learning.

2.1       The Chair introduced the Director Education and Lifelong Learning to give a presentation on risk management in Education and Lifelong Learning.  The presentation slide pack had been sent to members of the Committee on 9 December 2022. Ms Munro presented an organisational chart that outlined where service risks had been identified across and led by officers within Education and Lifelong Learning.  The corporate risk that Ms Munro manages for the Senior Leadership Team was highlighted in which if children or young people were placed or educated outwith the local area their needs may not be sufficiently met and such placements result in significant cost to the local authority.  This remained under active review rather than covered periodically, and Ms Munro worked with the Chief Officer Children and Young People’s Social Work and the Corporate Risk Officer took a detailed approach into factors affecting this risk.  The context reported showed an increased number of young people showing distressed behaviours which was identified as being an impact of the Covid-19 pandemic, including in children of a younger age profile than had previously been observed.  There was also a reduction seen in available and suitable foster care spaces, respite and placements externally in these areas.  This reflected the national picture.  There were internal controls that were regarded as partially effective as they tended to be procedural or of a governance nature rather than addressing the number of care spaces.  The next steps in management of the risks were to undertake an urgent review alongside the Director Social Work and Practice and the Director Health and Social Care to identify mitigating actions and to look at revenue and capital implications of any recommendations made.  Other corporate risks managed by the Director Education and Lifelong Learning were de-escalated following a structured exercise to map strategic risks from the Corporate Risk Register.  These related to Strategic Risk 18 Mental and Emotional Wellbeing of Children and Young People and Strategic Risk 20 Education System.  Work to finalise the Risk Appetite, Capacity and Tolerance Toolkit had been finalised and was being introduced to Risk Owners and Managers.  The Toolkit would help to meet the recommendation set out in the Risk Management Internal Audit Report 2021.

2.2       There were 30 Service Risks which Ms Munro presented to the committee.  Some risks were of limited lifespan which included Covid-19 related measures which may be removed in the near future.  Ms Munro suggested that some risks may be amalgamated such as those related to staffing.  Concern of the impact of short-term school closures has been reduced following the Covid-19 pandemic lockdown.  High impact risks in Community Learning and Development (CLD) were identified related to third sector funding and access to CLD services.  In line with the revised risk management policy, these would be reviewed by Directors to see if any further mitigation could be taken.  However, Ms Munro advised that this was a small service that would impact a lower number of users.  Risks to young people’s mental wellbeing and  ...  view the full minutes text for item 2.

Consider report by Chief Officer Audit and Risk.  (Copy attached.)

3.1       There had been circulated copies of a report by Chief Officer Audit and Risk that provided Members with the Risk Appetite Toolkit for Managers that had been developed.  Effective Risk Management was one of the foundations of effective Corporate Governance as recognised in the Council’s Local Code of Corporate Governance.  Compliance with the principles of sound Corporate Governance required the Council to adopt a coherent approach to the management of risks that it faced every day.  Better and more assured risk management would bring many benefits to the Council and the people it serves.  Management had the primary responsibility to systematically identify, analyse, evaluate, control and monitor risks to the achievement of the Council’s objectives.  Internal Audit was required to give independent assurance on the effectiveness of all internal controls and other arrangements put in place by Management to manage risk.  One of the Audit Committee’s functions was to scrutinise the framework of internal financial control, risk management and governance throughout the Council to ensure its adequacy.  In 2021, a revised Risk Management Policy statement and a 3-year Risk Management Strategy were endorsed by this Committee and approved by the Council to enable the Council to refine its approach to managing risks and embed these key aspects into the management practices of the Council.  A Risk Appetite Toolkit for Managers had been developed and was contained in Appendix 1 of the report.  The Toolkit provided additional guidance to Management by defining acceptable levels of risk in relation to different risk categories and built on guidance set out in the Risk Management Process Guide.

3.2       A number of questions were raised by Mr Whalley on the report.  The Chief Officer Audit and Risk advised that she had met with Directors to raise awareness of the document which was placed on the SBC intranet.  The document was early in its rollout.  The risk management criteria stated that red risks were reviewed at a minimum every three months, amber risks every six months, and green risks annually.  Education and Lifelong Learning were targeted for a rollout of the process.  The rollout would be an iterative process while conversations would take place with managers so that they were comfortable handling risk appetite and tolerance.

DECISION

NOTED

(a)       the development of the Risk Appetite Toolkit for Managers as an enhancement in support of implementing the Council’s Risk Management Policy and Strategy; and,

(b)       that the Risk Appetite Toolkit is being applied by Management, following its approval by Senior Leadership Team on 19 October 2022.

Consider report by Acting Chief Financial Officer.

4.1       There had been circulated copies of a report by Acting Chief Financial Officer that presented the mid-year report of treasury management activities for 2022-23, in line with the requirements of the CIPFA Code of Practice, including Prudential and Treasury Management Indicators, and sought comments from Audit Committee prior to consideration of the report by Council.  The report was required as part of the Council’s treasury management control regime.  It provided a mid-year report on the Council’s treasury activity during the six month period to 30 September 2022 and demonstrated that Treasury activity in the first six months of 2022-23 had been undertaken in full compliance with the approved Treasury Strategy and Policy for the year.  Appendix 1 of the report contained an analysis of the performance against the targets set in relation to Prudential and Treasury Management Indicators, and proposes revised estimates of these indicators in light of the 2021-22 out-turn and experience in 2022-23 to date for Council approval.

4.2       A number of points were raised by Mr Whalley.  A typing error was highlighted in page 8 of the report.  It was suggested that it would be worth noting to Council that the commentary reflected the UK government policy scenario at the time.  It was explained that Link Asset Services provided treasury advice and technical information to report to committees.  Councillor Scott highlighted an error in describing the increase in inflation from 9% to 9.9% in August 2022 which the Acting Chief Financial Officer advised would be addressed.

DECISION

(a)       NOTED that treasury management activity in the six months to 30 September 2022 was carried out in compliance with the approved Treasury Management Strategy and Policy; and,

(b)       AGREED

(i)        to the presentation of the Treasury Management Mid-Year Report 2022/23, as contained in Appendix 1, to Council for approval of the revised indicators; and,

(ii)       to address typing errors in the Report before being presented to Council.

Consider report by Chief Officer Audit and Risk.  (Copy attached.)

5.1       There had been circulated copies of a report by Chief Officer Audit and Risk that provided members of the Audit Committee with details of the recent work carried out by Internal Audit and the recommended audit actions agreed by Management to improve internal controls and governance arrangements.  The work Internal Audit had carried out in the period from 1 August to 31 October 2022 associated with the delivery of the approved Internal Audit Annual Plan 2022-23 was detailed in this report.  A total of 5 final Internal Audit reports had been issued.  There were 6 recommendations made associated with 2 of the reports (3 Medium-rated; 3 Low-rated).  An Executive Summary of the final Internal Audit assurance reports issued, including audit objective, findings, good practice, recommendations (where appropriate) and the Chief Officer Audit and Risk’s independent and objective opinion on the adequacy of the control environment and governance arrangements within each audit area, was shown in Appendix 1 to this report.  The SBC Internal Audit function conformed to the professional standards as set out in Public Sector Internal Audit Standards (PSIAS) (2017) including the production of this report to communicate the results of the reviews.

5.2       The Chief Officer Audit and Risk summarised the report for members and confirmed that the move to Internal Audit consultancy in a ‘critical friend’ role was a decision made by Internal Audit to ensure more value was taken from the internal audit process.  The recommendation for a ‘low’ rating on developing a policy on Councillor training to provide clarity on requirements to facilitate training needs assessment, monitoring and evaluation was explained by the Chief Officer Audit and Risk as having been made to have something in writing.  There had previously been implicit or unwritten rules regarding training needs assessment and that it was felt that Council should approve a formal policy on training of elected members.  With regards to changes to Clients’ SDS care plans being actioned timeously, the Chief Officer Audit and Risk explained that as part of the digital transformation strategy there would be an element of making it easier to fulfil obligations and that capacity challenges would be highlighted.

DECISION

NOTED

(a)       the Executive Summaries of the final Internal Audit assurance reports issued in the period from 1 August to 31 October 2022 associated with the delivery of the approved Internal Audit Annual Plan 2022-23;

(b)       the Internal Audit Consultancy and Other Work carried out in accordance with the approved Internal Audit Charter; and,

(c)       the assurance provided on internal controls and governance arrangements in place for the areas covered by this Internal Audit work.

Consider report by Chief Officer Audit and Risk.  (Copy attached.)

There had been circulated copies of a report by Chief Officer Audit and Risk that informed the Audit Committee of the progress Internal Audit has made, in the first 6 months of the year to 30 September 2022, towards completing the approved Internal Audit Annual Plan 2022-23.  It also summarised the statutory obligations for Internal Audit and requirements of the Public Sector Internal Audit Standards.  The Internal Audit Annual Plan 2022-23 that was approved by the Audit and Scrutiny Committee on 14 March 2022 set out the audit coverage for the year utilising available Internal Audit staff resources to enable the Chief Officer Audit & Risk (the Council’s Chief Audit Executive (CAE)), to provide the statutory annual Internal Audit opinion regarding the adequacy and effectiveness of internal control within the Council.  Internal Audit assurance services and annual opinions were also provided to the Scottish Borders Pension Fund Board and Committee, and the Scottish Borders Health and Social Care Integration Joint Board to meet their obligations.  The Appendix 1 of the report provided details of the half-yearly progress by Internal Audit with the delivery of its programme of work, which indicated good progress.  Some revisions to the Internal Audit Annual Plan 2022-23 would require approval by the Committee.  The programme of work for the six months from October 2022 to March 2023 with current resources indicated that the revised Internal Audit Annual Plan 2022-23 can be delivered in full.  The report also summarised the statutory obligations for Internal Audit and the requirements of the Public Sector Internal Audit Standards (PSIAS) with which the SBC Internal Audit function conformed.

DECISION

(a)       NOTED the progress Internal Audit has made towards completing the Internal Audit Annual Plan 2022-23;

(b)       AGREED:

(i)        that it is satisfied with the Performance of the Internal Audit service; and,

(ii)       approved the revisions to the Internal Audit Annual Plan 2022/23.

Consider report by Chief Officer Audit and Risk.  (Copy attached.)

7.1       There had been circulated copies of a report by Chief Officer Audit and Risk that provided an update to Members of the Audit Committee on the status of the implementation by Management of audit recommendations made and agreed in Internal Audit reports during 2021-22 and previous years.  Internal Audit was an independent appraisal function established for the review of the internal control system as a service to Scottish Borders Council.  It objectively examined, evaluated and reported on the adequacy of internal control as a contribution to the proper, economic, efficient and effective use of resources and the management of risk.  The Internal Audit activity added value to the organisation (and its stakeholders) when it considered strategies, objectives, and risks; strived to offer ways to enhance governance, risk management and control processes (by way of making audit recommendations); and objectively provided relevant assurance.  The Remit of the Audit Committee included the function to consider “all matters relating to the implementation of recommendations contained within internal audit reports”, as part of its high level oversight of the framework of internal control, risk management and governance within the Council.

7.2       The Chief Officer Audit and Risk presented the report and answered members’ questions.  With regards to long extensions to audit actions, particularly to Roads Asset Management, when the audit was taken, conversations took place with the Director and relevant managers with regards to resourcing and dependency.  The Chief Officer Audit and Risk was comfortable with timescales related to development as they may only be audited once every five years.  Assurance was given by the Chief Officer Audit and Risk that checks were made where Internal Audit Actions may be closed.  Assurance was also given by the Chief Officer Audit and Risk that the Internal Audit team had enough resource to cover the demands of audit work, noting that additional work was undertaken for the Health for Social Care Integration Joint Board and for the Pension Fund.

DECISION

(a)       NOTED:

(i)        the progress made by Management in implementing Internal Audit recommendations to improve internal controls and governance, and mitigate risks;

(ii)       that Internal Audit will continue to monitor the completion of outstanding recommendations and will provide update reports to this Committee; and,

(b)       AGREED that it is satisfied with progress made.

Consider update by Chief Officer Audit and Risk.

The Chief Officer Audit and Risk advised that a link  had been sent to members of the Committee on 9 December 2022 to a blog post by the Chair of Accounts Commission on Best Value which provided helpful context to the national view on developments of best value.

DECISION

NOTED the update.

The Chair stated that John Boyd, Audit Scotland, was unable to join the meeting but the Chair looked forward to welcoming the new external audit team to the Committee and watching the new relationship with the Council grow.